RSA 2017: Time for digital Geneva Convention says Microsoft president

The increasing incidence of civilians caught up in cyber conflicts between nation-states means it's time for a new Geneva Convention on cyber-warfare, says Microsoft's Brad Smith.

Microsoft president Brad Smith speaking at RSA 2017

A "Digital Geneva Convention" should be created through international law aimed at protecting civilians from cyber-attacks and collateral damage, declared Brad Smith, president of Microsoft, in a speech at the RSA Conference in San Francisco.

"For over two-thirds of a century, the world's governments have been committed to protecting civilians in times of war, but when it comes to cyber-attacks, nation-state hacking has evolved into attacks on civilians in times of peace," Smith lamented during a morning keynote address.

"What we need now is a 'Digital Geneva Convention,'" Smith continued. "We need a convention that will call on the world's governments to pledge that they will not engage in cyber-attacks on the private sector. That they will not target civilian infrastructure, whether it's of the electrical or the economic or the political variety. We need governments to pledge that instead they will work with the private sector to respond to vulnerabilities. That they will not stockpile vulnerabilities.”

Smith cited several strong building blocks for such a convention, including the United Nation's 2015 formation of a Group of Governmental Experts, who recommended a set of international norms for behavior in cyberspace, as well as the 2015 negotiations between the US and China designed to curb the cyber-theft of private intellectual property.

He also noted that 2017 brings "an opportunity for a new president in the United States to sit across the table with the president from Russia and take another step forward to address the attacks that concern the world," alluding to Russia's widely reported cyber interference in the 2016 US presidential election.

Smith envisioned that a "Digital Geneva Convention" could work toward forming a new world organisation, modeled after the International Atomic Energy Agency, that unites the greatest cyber minds in the public and private sectors to not only monitor global cyber activity but also identify and call out nation-state attackers.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.